What is the CVSS score of CVE-2026-34571?

CVE-2026-34571 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Ci4ms are affected by CVE-2026-34571?

CI4MS versions prior to 0.31.0.0 contain a stored cross-site scripting vulnerability in user management that allows low-privilege authenticated users to inject malicious code targeting…. A patch is available.

How to fix or mitigate CVE-2026-34571?

Within 24 hours: Identify all CI4MS installations and their current versions; audit user access logs for suspicious activity in user management sections. Within 7 days: Upgrade CI4MS to version 0.31.0.0 or later; if upgrade is not immediately feasible, restrict low-privilege user access to user management functions pending patching. Within 30 days: Conduct forensic review of user management logs for the past 90 days to detect potential exploitation; reset all administrative account credentials and enforce password re-authentication across all sessions.

Ci4ms CVE-2026-34571

EUVD-2026-18088 CRITICAL

Cross-site Scripting (XSS) (CWE-79)

2026-04-01 GitHub_M

GHSA-fc4p-p49v-r948

XSS Privilege Escalation Ci4ms

9.9

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.9 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 02, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Apr 01, 2026 - 22:16 euvd

EUVD-2026-18088

Analysis Generated

Apr 01, 2026 - 22:16 vuln.today

CVE Published

Apr 01, 2026 - 21:32 nvd

CRITICAL 9.9

DescriptionGitHub Advisory

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript code. This results in automatic execution whenever backend users access the affected page, enabling session hijacking, privilege escalation, and full administrative account compromise. This issue has been patched in version 0.31.0.0.

AnalysisAI

Stored cross-site scripting in CI4MS backend user management allows authenticated attackers with low-level privileges to inject malicious JavaScript that executes automatically when administrators access affected pages, enabling session hijacking and full administrative account takeover. The vulnerability affects all versions prior to 0.31.0.0 with a critical CVSS score of 9.9 due to scope change and high impact across confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to CI4MS backend

Delivery

Inject malicious JavaScript in user management field

Exploit

Stored payload executes for all admins

Execution

Hijack admin session tokens

Impact

Escalate privileges and compromise system

Access

Authenticate to CI4MS backend

Delivery

Inject malicious JavaScript in user management field

Exploit

Stored payload executes for all admins

Execution

Hijack admin session tokens

Impact

Escalate privileges and compromise system

Vulnerability AssessmentAI

Exploitation	Authenticated backend user account required to access CI4MS user management interface (versions before 0.31.0.0). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Real-world risk is critically high despite no confirmed active exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated attacker with low-level backend access creates or modifies a user account, injecting JavaScript payload into form fields such as username, display name, or bio that are rendered unsanitized in the administrative user listing page. When a system administrator navigates to the user management interface, the stored payload executes automatically in their browser session, exfiltrating session cookies to attacker-controlled infrastructure and enabling immediate administrative account takeover or execution of privileged operations such as creating backdoor accounts or modifying system configurations.
Remediation	Upgrade immediately to CI4MS version 0.31.0.0, which contains patches addressing the stored XSS vulnerability in backend user management functionality. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all CI4MS installations and their current versions; audit user access logs for suspicious activity in user management sections. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-34571 vulnerability details – vuln.today

Back

Ci4ms CVE-2026-34571

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code